From 837ec70e3ee4378f4d7a0a616ad0f291b311152a Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Mon, 1 Apr 2013 18:22:07 +0400
Subject: validate_session: check for user agent
---
 include/sessions.php | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'include/sessions.php')
diff --git a/include/sessions.php b/include/sessions.php
index 81a5a7383..778d00e3a 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -57,6 +57,9 @@ if ($_SESSION["ref_schema_version"] != session_get_schema_version($link, true)) return false;
+ if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"])
+ return false;
+
 if ($_SESSION["uid"]) { $result = db_query($link, "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
-- 
cgit v1.2.3-54-g00ecf

From 7081aaa09bf57d908c77ba21276dcf71901eb184 Mon Sep 17 00:00:00 2001
From: Ryan Parrish
Date: Mon, 1 Apr 2013 10:40:28 -0400
Subject: add missing gettext libs
---
 include/sessions.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'include/sessions.php')
diff --git a/include/sessions.php b/include/sessions.php
index 81a5a7383..ff9d28a30 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -3,6 +3,8 @@ require_once "config.php"; require_once "db.php";
+ require_once "lib/accept-to-gettext.php";
+ require_once "lib/gettext/gettext.inc";
 $session_expire = max(SESSION_COOKIE_LIFETIME, 86400); $session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid" : TTRSS_SESSION_NAME;
-- 
cgit v1.2.3-54-g00ecf
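Review bot: In the first patch (hunk `@@ -57,6 +57,9 @@` of include/sessions.php), the added user-agent check compares two SHA-1 hex strings with loose `!=` and reads `$_SERVER['HTTP_USER_AGENT']` and `$_SESSION["user_agent"]` without checking that either is set. With `!=`, PHP compares numeric-looking strings (for example two digests of the form `0e` followed only by digits) as numbers, so a strict comparison is the safer form; a request without a User-Agent header also raises an undefined-index notice before an empty value is hashed. I would write the condition as `if (!isset($_SESSION["user_agent"]) || sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '') !== $_SESSION["user_agent"])`. The hunk does not show where `$_SESSION["user_agent"]` is stored, so sessions created before this change presumably fail validation once, and because the header is client-supplied a short comment should say this binding is defence in depth rather than protection for a stolen session cookie. The enclosing function (validate_session, going by the subject line) starts and ends outside the hunk.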